Monday, January 14, 2008

Howto: Spy and Sniff Wifi in Ubuntu Gutsy

OK, hacking wifi is as simple as compiling a Linux application or a simple ./exploit. If you intend to hack your neighbor's wifi, it is good to get to know who they are, where they are, what they do, and just how smart they are. There are a ton of things you can do with ettercap; the plugins are great. I personally use it to spy on open networks and my own network to find out exactly what my family/friends are doing and to make sure they aren't into anything bad. You can use this to spy on your girlfriend, children and other good things other than break the law spying on someone's wifi you just cracked :) Basically, grab aircrack-ng and crack away; once owned, you should grab ettercap and configure it:


Install:
sudo apt-get install ettercap-gtk
Let's configure ettercap:
sudo gedit /etc/etter.conf

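Let's change the gid and uid (0 means ettercap keeps running as root instead of dropping privileges after startup, so everything its dissectors parse is handled as root):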
ec_uid = 0
ec_gid = 0

Now edit the [dissectors] section to configure what to sniff out; the default is fine.
We need to uncomment the 2 lines that let ettercap use iptables to redirect packets:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Save the file (Ctrl-S).

Start up Ettercap-NG
Once done, all we do is: sudo ettercap -i wlan0 -G
Now let's set this baby up: simply click on Sniff, and then Unified sniffing.
Press Ctrl-W to start sniffing, then Ctrl-S to scan for hosts on the LAN.
Click on Hosts and bring up the host list, select the box whose communications you want to see as Target 1, and select the router as Target 2.
Click on MITM->Arp Poisoning and check Sniff Remote connections.
Now click on Plugins->Manage the Plugins and double click on chk_poison to see if poisoning was successful.
OK, I'm taking it that it was successful; now let's do a little bit of spying:
Click on View->Connections to actively see what ports the target is using, and double click on any connection in the list to see what data is being transferred. Ettercap will automatically sniff for passwords as configured in the etter.conf file after [dissectors].
Now basically we can just sit and wait for passwords or we can actively listen in on http/chat sessions.
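
Seen from the target machine, the ARP poisoning set up above leaves a visible trace: the router's IP address resolves to a MAC that also answers for another host, or to a MAC other than the router's real one. The following is an added example, not part of the original post, that checks text in /proc/net/arp format for both signs; the sample table, addresses and function names are constructed for illustration.

```python
"""Flag ARP-cache entries consistent with ARP poisoning (defensive check)."""
from collections import defaultdict

# Constructed sample in /proc/net/arp format: the router (192.168.1.1) and
# host 192.168.1.23 both resolve to the same MAC, as on a poisoned machine.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:23     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:bb:23     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:aa:bb:40     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) for every resolved entry."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        # Flags 0x0 or an all-zero MAC means the entry is incomplete.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac.lower(), dev))
    return entries

def shared_macs(entries):
    """Map (device, mac) -> IPs when one MAC answers for several IPs."""
    by_mac = defaultdict(set)
    for ip, mac, dev in entries:
        by_mac[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}

def gateway_alerts(entries, gateway_ip, known_gateway_mac=None):
    """Return findings about the gateway's ARP entry (empty list if clean)."""
    alerts = []
    for (dev, mac), ips in shared_macs(entries).items():
        if gateway_ip in ips:
            others = ", ".join(ip for ip in ips if ip != gateway_ip)
            alerts.append(f"{dev}: gateway {gateway_ip} shares {mac} with {others}")
    for ip, mac, dev in entries:
        if ip == gateway_ip and known_gateway_mac and mac != known_gateway_mac.lower():
            alerts.append(f"{dev}: gateway {gateway_ip} is {mac}, "
                          f"expected {known_gateway_mac.lower()}")
    return alerts

if __name__ == "__main__":
    for alert in gateway_alerts(parse_arp_table(SAMPLE_ARP), "192.168.1.1"):
        print(alert)
```

On a live Linux host, pass the contents of /proc/net/arp instead of the sample. A machine that legitimately holds several addresses on one interface also shares a MAC, so compare a hit against the router's known MAC before acting on it.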

5 comments:

  1. Any word on wireless NIC compatibility? I have an Intel wireless on a newish Gateway laptop and an old Linksys WMP11 wireless-b card with the Broadcom chipset. Neither works within Gutsy or other distros I've tried, i.e. Aircrack does nothing when you select the eth device and click Start.

  2. I've had the same problem. I'm using an Atheros chipset but none of these types of tools work with my wireless card. I might have to use *COUGH* Windows to try aircrack or something. (I just got a chill up my spine)

  3. Well, you will need the correct drivers of course: http://madwifi.org/wiki/Compatibility

  4. Everything works great. I figured it would since I have no issues with aircrack-ng.

    However, I did discover one issue, and you may know the solution:

    I noticed that when doing this, AIM6 loses its connection or cannot connect, which is kind of important for keeping an eye on the younger siblings. AIM6 uses the https port (443) to connect. I tried disabling https in the dissectors section of the config file, just for the hell of it, but that had no effect. I also tried manually keeping the port open via iptables, but that didn't do anything either. Any ideas?

    It could be that AIM6 is just finicky, and won't wait long for a response if it is slightly delayed?

  5. There is no reason to use ettercap. If there are more than a few clients, you are going to crash your box. The better solution is to use kismet or wireshark or whatnot and save it as a .pcap.
